Authenticated user denied access to images from ImageSelect element when in private files dir

Created on 11 April 2023, about 1 year ago
Updated 26 May 2023, about 1 year ago

Webform latest 6.1^ on latest Drupal 9.5.7.

I have "Default download method" set to private files dir at web/admin/config/media/file-system.
Private files dir is outside the Drupal root (at the same level as /web).

I have an ImageSelect element and the images path in the element config is something like: /web/system/files/webform/myimages/123.png

If accessing the form as admin I can see the images with no problem.
If accessing as an authenticated user who can create and view own submission, the images aren't displayed and if I try to right click on an image and open in a new tab it gives Access Denied.

No such issue if I set the images path to point to public web/sites/default/files (while still the "Default download method" set to private in File System settings). But then, the selected images don't show on the submission results page and when I right click on them and open in a new tab I get page 404 and wrong link like:

https://mysite.tld/web/admin/structure/webform/manage/MyWebform/results/...

🐛 Bug report
Status

Closed: outdated

Version

6.1

Component

Code


Comments & Activities


  • Issue created by @cestmoi
  • 🇺🇸 United States cilefen

    Please provide the YAML of a minimal form that reproduces the bug.

  • Thanks @cilefen
    The issue can be seen on the Image Select element in the example_style_guide webform after changing the images paths to point to private dir as per below example.
    Below is the relevant part (plus a separate issue re rating stars) from the example form. Both the example form and this mini form copied from it and just edited the images paths.

    introduction:
      '#markup': '<p>Below is taken form the example_style_guide webform and all the webform settings are left as is. The issue: Images show fine to admin but not to permitted users when images in private dir (Default file download is set to private in File System config), user gets Access Denied when trying to open the image in a new tab, images src look correct in the source code. A seperate issue is the "rating stars" aren''t showing (for anyone) on preview (regardless of user privilege)</p>'
    advanced_elements:
      '#type': details
      '#title': 'Advanced elements'
      '#open': true
      webform_image_select:
        '#type': image_select
        '#title': 'Image select'
        '#images':
          kitten_1:
            text: 'Cute Kitten 1'
            src: /system/files/webform/imagetest/kitten1.jpg
          kitten_2:
            text: 'Cute Kitten 2'
            src: /system/files/webform/imagetest/kitten2.jpg
          kitten_3:
            text: 'Cute Kitten 3'
            src: /system/files/webform/imagetest/kitten3.jpg
        '#show_label': true
      webform_rating:
        '#type': rating
        '#title': Rating
  • Sorry for the bump, but I wonder if there is any process!

  • 🇺🇸 United States cilefen
  • Thanks. I understand and appreciate all the support and the work and I do my best to help with all I can within my abilities (contributing to Drupal) but isn't such a bug a priority though regardless! In fact, all my questions here are for a voluntary work and I personally couldn't afford any extra financial burden on top of it.

    Anyways, thanks for responding and letting me know why the bug is ignored. If there is anything else I can help with apart from money, please let me know.

  • Status changed to Closed: outdated about 1 year ago
  • 🇺🇸 United States jrockowitz Brooklyn, NY

    This 100% feels like a private files permission issue and has nothing to do with the webform module.

    @see https://www.drupal.org/project/private_files_download_permission
    @see https://ostraining.com/blog/drupal/file-access/
